I've started leaning towards Greg's view that authentication should be left out
of CVS. So long as the client can send username info to the server, CVS_RSH=ssh
is good enough for our needs.
Noel
[EMAIL PROTECTED] on 2000.06.10 18:59:12
To: [EMAIL PROTECTED]
cc: [EMAIL PROTECTED]
Subject: Re: SRP implementation in CVS
>>>>> "NLY" == Noel L Yap <[EMAIL PROTECTED]> writes:
NLY> Has anyone thought of implementing SRP in CVS? FYI, SRP stands for
NLY> Secure Remote Password. The protocol enables password authentication
NLY> without sending passwords through the wire either in plaintext or
NLY> encrypted. I'm thinking this protocol, coupled with cookie (ie
NLY> .cvspass) aging, would greatly increase the security of pserver.
http://alexm.here.ru/cvs-nserver/ architecture allows for very simple
SSLizing of CVS-pserver. The problem (if that is the problem) is to find
somebody who will write cvs-sslserver and SSLize the client.
(I hope that no one will ever propose using something different from
SSL/TLS? ;)
And yes, SSL support is greatly needed.
dash dash tragedy
This communication is for informational purposes only. It is not intended as
an offer or solicitation for the purchase or sale of any financial instrument
or as an official confirmation of any transaction. All market prices, data
and other information are not warranted as to completeness or accuracy and
are subject to change without notice. Any comments or statements made herein
do not necessarily reflect those of J.P. Morgan & Co. Incorporated, its
subsidiaries and affiliates.
